user_password_login (compatibility) does not support fully qualified Matrix user IDs #3439
Labels
A-Compatibility-Layer
Related to the legacy Matrix authentication compatibility layer
A-Spec-Compliance
Divergence from the Matrix or the OAuth 2.0/OIDC specifications
The issue appears to be with this code: https://github.com/element-hq/matrix-authentication-service/blob/main/crates/handlers/src/compat/login.rs#L378-L395
As described in the spec for m.id.user, the user identifier (in the `username` variable) can either be the fully qualified Matrix user ID, or just the localpart of the user ID.

The code passes `username` directly to the repository's `find_by_username` which does a lookup against the database. The database only contains the localpart of user IDs, so matching only works with that.

When the `user_password_login` function is invoked with a `username` which is a fully qualified Matrix user ID, it will fail to find the user and will report it as missing.

I'm hitting this bug with anoadragon453/matrix-reminder-bot (built on matrix-nio), which:
- `matrix.user_id` with a localpart user ID makes it raise this error: `matrix_reminder_bot.errors.ConfigError: matrix.user_id must be in the form @name:domain`)
- `/_matrix/client/v3/login` endpoint

Here's an example `curl` request that would trigger this issue:

Matrix Authentication Service would respond to this request with a generic response:
.. while actually logging the real issue:
matrix-reminder-bot (or rather, matrix-nio) would then be extra unhelpful and choke on the HTTP response:
If `identifier.user` in the JSON payload is adjusted to be a localpart user ID, Matrix Authentication Service successfully authenticates the user.
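
Added example, not part of the original issue or of the matrix-authentication-service code base: one way to reduce an `m.id.user` identifier to the localpart before the `find_by_username` lookup, rejecting fully qualified IDs that name a different server. The function name, error type and sample inputs are hypothetical, and the exact string comparison against the configured homeserver name is an assumption.

```rust
// Added example, not code from matrix-authentication-service.
// `localpart_for_login`, `LoginIdError` and the sample names are hypothetical.

#[derive(Debug, PartialEq)]
enum LoginIdError {
    Empty,
    Malformed,
    WrongServer,
}

/// Reduce an `m.id.user` identifier to the localpart stored in the database.
/// Accepts either a bare localpart or a fully qualified `@localpart:server` ID.
fn localpart_for_login<'a>(user: &'a str, homeserver: &str) -> Result<&'a str, LoginIdError> {
    let Some(rest) = user.strip_prefix('@') else {
        // Bare localpart: must be non-empty and must not look like a partial MXID.
        if user.is_empty() {
            return Err(LoginIdError::Empty);
        }
        if user.contains(':') {
            return Err(LoginIdError::Malformed);
        }
        return Ok(user);
    };
    // Localparts never contain ':', while server names may (ports, IPv6),
    // so split on the first ':' only.
    let (localpart, server) = rest.split_once(':').ok_or(LoginIdError::Malformed)?;
    if localpart.is_empty() || server.is_empty() {
        return Err(LoginIdError::Malformed);
    }
    // Only IDs on this homeserver may map to a local account; otherwise
    // `@alice:other.example` would be looked up as the local `alice`.
    // Assumption: the configured homeserver name is compared exactly.
    if server != homeserver {
        return Err(LoginIdError::WrongServer);
    }
    Ok(localpart)
}

fn main() {
    // Constructed sample inputs.
    for id in ["alice", "@alice:example.com", "@alice:other.example", "@alice"] {
        println!("{id:?} -> {:?}", localpart_for_login(id, "example.com"));
    }
}
```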